.\" $Id: mip6d.conf.tmpl 1.33 06/05/12 11:48:36+03:00 vnuorval@tcs.hut.fi $
.TH mip6d.conf 5 "January 31, 2006" "" "Mobile IPv6 Daemon Configuration"
.SH NAME
mip6d.conf \- MIPL Mobile IPv6 Configuration file
.SH SYNOPSIS
.B /usr/local/etc/mip6d.conf
.sp
.SH DESCRIPTION
MIPL Mobile IPv6 daemon's configuration file
.P
Below is a list of currently supported configuration options. All
configuration lines are terminated with a semicolon.  Sub-sections are
enclosed in '{' and '}'.  Strings are quoted with double quotes.

.SH COMMON OPTIONS

The file contains the following common definitions:
.TP
.BR "NodeConfig " "CN | HA | MN" ";"

Indicates if the daemon should run in Correspondent Node, Home Agent or
Mobile Node mode.

Default: CN

.TP
.BR "DebugLevel "  number ";"

Indicates the debug level of the daemon.  If the value is greater than
zero, the daemon will not detach from tty (i.e. debug messages will be
printed on the controlling tty).

Default: 0

.TP
.BR "DoRouteOptimizationCN " "boolean" ";"

Indicates if a node should participate in route optimization with a
Mobile Node.

Default: enabled

.TP
.BR "NonVolatileBindingCache " "boolean" ";"

This option is currently ignored.  Binding cache is always stored in
volatile memory, and is not retained between shutdown and startup.

.SH OPTIONS COMMON TO HOME AGENT AND MOBILE NODE

.TP
These options are used both in the Home Agent and Mobile Node:
.TP
.BR "Interface " "name" ";"
.TP
.nf
.BR "Interface " "name" " {"
.BR "	MnIfPreference " "number" ";"
.BR "	IfType " "CN | HA | MN" ";"
.B }
.fi

Specifies an interface and options associated with it.  If no options
are present, 
.B Interface
can be terminated with semi-colon.  This is used for home agent to
specify which interfaces are used for HA operation.  For the home
agent to function properly, a Router Advertisement daemon (e.g. radvd)
must broadcast advertisements with the Home Agent bit and Home Agent
Information Option set on these interfaces.  This option is also
used by multihomed Mobile Nodes to define which interfaces are used by it.

.B MnIfPreference
sets the interface preference value for an interface in a multi-homed
Mobile Node.  The most preferred intefaces have preference 1, the
second most preferred have 2, etc.  A preference of zero means the
interface will not be used.

Default: 5

.B IfType
overrides the default node behavior for this interface. If a MN doesn't
wish to use this inteface for mobility, or a node doesn't act as HA on
this interface, the interface type should be set to CN.

Default: same as
.B NodeConfig


.TP
.BR "UseMnHaIPsec " "boolean" ";"

Indicates if the MN-HA MIPv6 signalling should be protected with IPsec.

Default: enabled

.TP
.BR "KeyMngMobCapability " "boolean" ";"

If dynamic keying with MIPv6-aware IKE is used, this options should be
enabled.  It turns on the K-bit for binding updates and binding
acknowledgements.

Default: disabled

.TP
.nf
.BR "IPsecPolicySet {"
.BR "	HomeAgentAddress " "address" ";"
.BR "	HomeAddress " "address/length" ";"
.BR "	IPsecPolicy ..."
.BR "	...
.BR "}"
.fi

.B IPsecPolicySet
is a set of policies to apply for matching packets.  A policy set can
contain multiple
.B HomeAddress
options, but only one
.B HomeAgentAddress
option.  For home agent, home agent address field contains its own
address, and home address fields may contain any number of mobile
nodes for which the same policy applies.

.B IPsecPolicy
has the following format:

.TP
.BR "IPsecPolicy " "type " "UseESP" "number number" ";"

Field 
.B type 
can be one of HomeRegBinding, Mh, MobPfxDisc, ICMP, any, TunnelMh,
TunnelHomeTesting, or TunnelPayload.  The any option protects all
transport mode communication between the MN and HA.  Currently only
the ESP IPsec protocol is supported, but in the future AH and IPComp
might also be available.  The two remaining numeric fields are the
IPsec reqid values, the first one used for MN - HA, the second one for
HA - MN communication.  If just one value is defined, the same reqid
will be used in both directions.  If no reqid is given, reqid will not
be used.

If more that one IPsec transport mode or tunnel mode policy is defined
between the MN and HA in each direction, reqid can be used to provide
an unambiguous one-to-one mapping between IPsec policies and SAs.
Otherwise the policies will just share a common SA.

.SH HOME AGENT SPECIFIC OPTIONS

The following definitions are ignored unless the node is configured as a HA:

.TP
.BR "HaMaxBindingLife " "number" ";"

Limits the maximum lifetime (in seconds) for Mobile Node home registrations.

Default: 262140

.TP
.BR "SendMobPfxAdvs " "boolean" ";"

Controls whether home agent sends Mobile Prefix Advertisements to
mobile nodes in foreign networks.

.TP
.BR "SendUnsolMobPfxAdvs " "boolean" ";"

Controls whether home agent send unsolicited Mobile Prefix
Advertisements to mobile nodes in foreign networks.

.TP
.BR "MinMobPfxAdvInterval " "number" ";"

Sets a minimum interval (in seconds) for Mobile Prefix Advertisements.

Default: 600

.TP
.BR "MaxMobPfxAdvInterval " "number" ";"

Sets a maximum interval (in seconds) for Mobile Prefix Advertisements.

Default: 86400

.TP
.BR "BindingAclPolicy " "address " "allow | deny"

Defines if a MN is allowed to register with the HA or not. The MN home address
of the MN is given in the address field."

.TP
.BR "DefaultBindingAclPolicy allow | deny"

Defines the default policy if no matching BindingAclPolicy entry is found for
a MN.

Default: allow

.SH MOBILE NODE SPECIFIC OPTIONS

The following definitions are ignored unless the node is configured as a MN:

.TP
.BR "MnMaxHaBindingLife " "number" ";"

Limits the maximum lifetime (in seconds) for Mobile Node home registrations.

Default: 262140

.TP
.BR "MnMaxCnBindingLife " "number" ";"

Limits the maximum lifetime (in seconds) for Mobile Node Correspondent
Node registrations.

Default: 420

.TP
.BR "MnDiscardHaParamProb " "boolean" ";"

Toggles if the Mobile Node should discard ICMPv6 Parameter Problem messages
from its Home Agent.  As the ICMPv6 error messages won't normally be protected
by IPsec, a malicious third party can quite easily impersonate the HA to the
MN.  Having the MN accept these messages therefore leaves it open to Denial
of Service attacks, even though its home registration signalling is protected
by IPsec.

Default: disabled

.TP
.BR "SendMobPfxSols " "boolean" ";"

Controls whether mobile node sends Mobile Prefix Solicitations to the
home network.

.TP
.BR "DoRouteOptimizationMN " "boolean" ";"

Indicates if the Mobile Node should initialize route optimization with
Corresponent Nodes.

Default: enabled

.TP
.BR "MnUseAllInterfaces enabled | disabled"

Indicates if all interfaces should be used for mobility.  The preference
of these interfaces is always 1.  Unless you use dynamically created and
named network interfaces you should normally disable this option and use
.B Interface
options to explicitly list the used interfaces. 

Default: disabled

.TP
.BR "UseCnBuAck " "boolean" ";"

Indicates if the Acknowledge bit should be set in Binding Updates sent to
Corresponent Nodes.

Default: disabled

.TP
.BR "MnRouterProbes " "number" ";"

Indicates how many times the MN should send Neighbor Unreachability
Detection probes to its old router after receiving a Router
Advertisement from a new one.  If the option is set to zero, the MN
will move to the new router straight away.

Default: 0

.TP
.BR "MnRouterProbeTimeout " "decimal" ";"

Indicates how long (in seconds) the MN should wait for a reply during
a access router Neighbor Unreachability Detection probe.  If set, it
overrides any default Neighbor Solicitation Retransmit Timer value
greater than MnRouterProbeTimeout.  For example, if the interface
Retransmit Timer is 1 second, but MnRouterProbeTimeout is just 0.2
seconds, the MN will only wait 0.2 seconds for a Neighbor Advertisement
before proceeding with the handoff.

Default: 0

.TP
.BR "OptimisticHandoff  enabled | disabled"

When a Mobile Node sends a Binding Update to the Home Agent, no Route
Optimized or reverse tunneled traffic is sent until a Binding
Acknowledgement is received. When enabled, this option allows the
Mobile Node to assume that the binding was successful right after the
BU has been sent, and does not wait for a positive acknowledgement
before using RO or reverse tunneling.

Default: disabled;

.TP
.nf
.BR "MnHomeLink " "name " "{"
.BR "	HomeAddress " "address/length" ";"
.BR "	HomeAgentAddress " "address" ";"
.BR "	MnRoPolicy ..."
.BR "	..."
.BR "}"
.fi

Each 
.B MnHomeLink 
definition has a name.  This is the name (enclosed in double quotes)
of the interface used for connecting to the physical home link.  To
set up multiple Home Addresses on the Mobile Node, you need to define
multiple
.B MnHomeLink
structures.  The interface names don't have to be unique in these
definitions.  All the home link specific definitions are detailed below: 

.TP
.BR "HomeAddress " "address/length" ";"

Address is an IPv6 address, and length the prefix length of the
address, usually 64.  This option must be included in a home link
definition.

.TP
.BR "HomeAgentAddress " "address" ";"

Address is the IPv6 address of the Mobile Node's Home Agent. DHAAD is used
if it is the unspecified address ::.

Default: ::

.TP
The route optimization policies are of the form:

.TP
.BR "MnRoPolicy " "address boolean" ";"

Any number of these policies may be defined. If no policies are defined default
behavior depends on the
.B DoRouteOptimizationMN
option.

The fields for a route optimization policy entry are as follows: 
.B address
defines the Correspondent Node this policy applies to, if left
undefined the uspecified address is used as a wildcard value 
.B boolean
sets route optimization either enabled or disabled for packets
matching this entry.

.SH EXAMPLES

.TP
.BR "A Correspondent Node example:"

.nf
NodeConfig CN;

DoRouteOptimizationCN enabled;
.fi

.TP
.BR "A Home Agent example:"

.nf
NodeConfig HA;

Interface "eth0";
Interface "eth1";

UseMnHaIPsec enabled;

IPsecPolicySet {
        HomeAgentAddress 3ffe:2620:6:1::1;

        HomeAddress 3ffe:2620:6:1::1234/64;
        HomeAddress 3ffe:2620:6:1::1235/64;

        IPsecPolicy HomeRegBinding UseESP;
        IPsecPolicy TunnelMh UseESP;
}
.fi

.TP
.BR "A Mobile Node example:"

.nf
NodeConfig MN;

DoRouteOptimizationCN enabled;

DoRouteOptimizationMN enabled;

UseCnBuAck enabled;

MnHomeLink "eth0" {
        HomeAgentAddress 3ffe:2620:6:1::1;
        HomeAddress 3ffe:2620:6:1::1234/64;

        #			address			opt.
        #MnRoPolicy	3ffe:2060:6:1::3	enabled;
        #MnRoPolicy					disabled;
}

UseMnHaIPsec enabled;

IPsecPolicySet {
        HomeAgentAddress 3ffe:2620:6:1::1;
        HomeAddress 3ffe:2620:6:1::1234/64;

        IPsecPolicy HomeRegBinding UseESP;
        IPsecPolicy TunnelMh UseESP;
}
.fi

.SH SEE ALSO
.BR mip6d (1),
.BR mipv6 (7),
.PP
RFC3775: Mobility Support in IPv6,
.PP
RFC3776: Using IPsec to Protect Mobile IPv6 Signaling Between Mobile
Nodes and Home Agents
